Threema uses tried-and-tested asymmetric cryptography to protect messages and calls between sender and recipient (and the communication between the app and the servers). Threema uses the open-source library NaCl for encryption. Since the Threema apps are open source, anyone knowledgeable enough can confirm Threema’s security.
There are two layers of encryption: The end-to-end layer between the conversation participants, and an additional layer to protect against eavesdropping of the connection between the app and the servers. The latter is necessary to ensure that an adversary who captures network packets (e.g. on a public wireless network) cannot even learn who is logging in and who is communicating with whom.
All encryption and decryption happens directly on the device, and the user is in control over the key exchange. This guarantees that no third party – not even the server operators – can decrypt the content of the messages and calls.
Strength of the encryption: The asymmetric ECC based encryption used by Threema has a strength of 255 bits. According to a NIST estimate (page 54), this corresponds at least with the strength provided by 2048 bit RSA. ECDH on Curve25519 is used in conjunction with a hash function and a random nonce to derive a unique 256 bit symmetric key for each message. The stream cipher XSalsa20 is then used to encrypt the message. A 128 bit message authentication code (MAC) is also added to each message to detect manipulations/forgeries.
Perfect Forward Secrecy: Threema supports Perfect Forward Secrecy. For more details, please refer to this FAQ entry.For detailed technical information about the cryptography in Threema, read the Cryptography Whitepaper.
